
Authorizing users based on ip subnet

rroulhac
Cisco Employee

Hello All,

Can we authorize a subset of users based on IP subnet in ISE 2.2?

I have found the Cisco AV pair of cisco-ip-pool=, but I am not sure if this is looking at the endpoint's IP and detecting whether it is in the subnet range or not.

Any assistance would be helpful.

--

Grace and Peace,

Robert E Roulhac Jr

Virtual Systems Engineer II

Cisco TSN (Technical Solutions Network)

rroulhac@cisco.com

Office: 919.5745455

Accepted Solutions

Charlie Moreton
Cisco Employee

Yes, you can. First create the Condition by navigating to Policy > Policy Elements > Conditions > Network Conditions > Endstation Network Conditions. Enter the information to include any IP Ranges and click Submit.

To use this in an Authorization Policy, navigate to your policy set and choose Select Existing Condition from Library.

Then choose Network Condition.

And finally select the Network Condition you created.

Assign an Authorization Profile to the rule and click Save.
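
To sanity-check a planned list of IP ranges before entering it in an Endstation Network Condition, the sketch below (an added example, not from the original posts and not ISE's own code) models the rule offline as a first-match lookup. The accepted range syntax, the rule and profile names, and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

def parse_ranges(entries):
    """Parse 'a.b.c.d/nn' or 'first-last' strings into ip_network objects."""
    nets = []
    for entry in entries:
        if "-" in entry:
            first, last = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
            # Raises ValueError if first > last, TypeError on mixed IPv4/IPv6.
            nets.extend(ipaddress.summarize_address_range(first, last))
        else:
            # strict=True rejects typos such as 10.20.30.5/24 (host bits set).
            nets.append(ipaddress.ip_network(entry.strip(), strict=True))
    return nets

def in_condition(nets, endpoint_ip):
    """True if the endpoint address falls inside any configured range."""
    try:
        addr = ipaddress.ip_address(endpoint_ip)
    except ValueError:
        return False  # identifier is not an IP address (e.g. a MAC): no match
    return any(addr in net for net in nets)

def authorize(rules, default_profile, endpoint_ip):
    """First matching rule wins; otherwise the default profile applies."""
    for rule_name, nets, profile in rules:
        if in_condition(nets, endpoint_ip):
            return rule_name, profile
    return "Default", default_profile

# Constructed sample data: condition contents, rule and profile names are hypothetical.
LAB_RANGES = parse_ranges(["10.20.30.0/24", "192.0.2.10-192.0.2.20"])
RULES = [("Lab_Subnet_Rule", LAB_RANGES, "Lab_Access")]
DEFAULT_PROFILE = "DenyAccess"

if __name__ == "__main__":
    for ip in ["10.20.30.77", "192.0.2.20", "192.0.2.21", "00:11:22:33:44:55"]:
        print(ip, "->", authorize(RULES, DEFAULT_PROFILE, ip))
```

Running it against an export of real endpoint addresses shows which ones would fall through to the default rule before the policy change is saved.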
